Commit graph

16066 commits

Author SHA1 Message Date
Paul Elliott
2007d70a5a Improve changelog
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-06-23 09:59:14 +01:00
Paul Elliott
d7ab9f1260 Move the setting of id in driver wrappers
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-06-23 09:58:05 +01:00
Paul Elliott
fcb5cdc954 Add per function hits to driver wrappers
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-06-23 09:58:05 +01:00
Paul Elliott
ad53dcc975 Move common final checks to function
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-06-23 08:51:29 +01:00
Paul Elliott
5b065cb8cd Fix typo
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-06-23 08:51:24 +01:00
Paul Elliott
534d0b4484 Finish / Verify state checks
Ensure finish only called when encrypting and verify only called for
decrypting, and add tests to ensure this.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-06-22 22:14:48 +01:00
Paul Elliott
f88a565f18 Better tag size default for m-aead finish
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-06-22 22:14:48 +01:00
Paul Elliott
d89304ebb7 Fix formatting issues
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-06-22 22:14:48 +01:00
Paul Elliott
e4030f2cd1 Replace function with macro that already exists
I wrote a function to determine the base algorithm given a variant,
however this is already implemented by
PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-06-22 22:14:48 +01:00
Paul Elliott
7220cae93c Ensure generate nonce unavailable in decrypt
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-06-22 22:14:47 +01:00
Paul Elliott
5e3bb13111 Add set_lengths argument to all tests.
Run all tests that do not require set_lengths with and without setting
lengths.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-06-22 16:31:09 +01:00
Paul Elliott
1c96429282 Remove encrypt/decrypt tests
Tests were not really providing any more coverage than already provided.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-06-22 16:31:09 +01:00
Paul Elliott
c23a9a0799 Add state checks for multipart AEAD
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-06-22 16:31:09 +01:00
Paul Elliott
d3f8241369 Add multipart tests
Test range of multipart sizes for all tests, rather than having to
define specific tests.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-06-22 16:31:09 +01:00
Paul Elliott
8eb9dafda1 Add generate nonce test
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-06-22 16:31:09 +01:00
Paul Elliott
388f606acd Use correct size defines for buffers
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-06-22 16:31:09 +01:00
Paul Elliott
1c8de15490 Update documentation to tally with recent changes
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-06-22 16:31:09 +01:00
Paul Elliott
bc94978d8c Add missing unused arguments
No algorithm defined case generally doesn't use the operation.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-06-22 16:31:09 +01:00
Paul Elliott
40ef3a9454 Fix state logic and return codes
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-06-01 17:17:58 +01:00
Paul Elliott
83f09ef056 Proper multipart AEAD GCM Implementation
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-06-01 17:17:47 +01:00
Paul Elliott
b2ce2ed6d8 Merge remote-tracking branch 'upstream/development' into psa-m-aead
Conflicts:
* None
2021-06-01 17:13:19 +01:00
Gilles Peskine
9f5c34cc88
Merge pull request #4596 from gilles-peskine-arm/nist_kw-null_dereference-3.0
Fix null pointer arithmetic in NIST_KW
2021-06-01 16:40:19 +02:00
Gilles Peskine
fe3069b7f1
Merge pull request #4585 from mpg/cipher-aead-delayed
Clarify multi-part AEAD calling sequence in Cipher module
2021-06-01 12:04:19 +02:00
Gilles Peskine
89ee599092 Fix null pointer arithmetic in error case
When mbedtls_nist_kw_wrap was called with output=NULL and out_size=0, it
performed arithmetic on the null pointer before detecting that the output
buffer is too small and returning an error code. This was unlikely to have
consequences on real-world hardware today, but it is undefined behavior and
UBSan with Clang 10 flagged it. So fix it (fix #4025).

Fix a similar-looking pattern in unwrap, though I haven't verified that it's
reachable there.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-01 11:22:56 +02:00
Manuel Pégourié-Gonnard
c01b87b820 Fix some typos
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-06-01 09:40:53 +02:00
Gilles Peskine
bbd617be5f Remove duplicated definition of ASSERT_ALLOC
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-31 20:33:17 +02:00
Gilles Peskine
b2827693b5 Remove spurious dependencies on PEM
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-31 20:33:15 +02:00
Manuel Pégourié-Gonnard
6d84e917bb
Merge pull request #4568 from creiter32/to_upstream/csr_critical_extensions
Expose flag for critical extensions
2021-05-31 12:46:59 +02:00
Manuel Pégourié-Gonnard
ee57ebe553 Add ChangeLog and migration guide entries
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-05-31 12:25:01 +02:00
Manuel Pégourié-Gonnard
42eba1a274 Fix a typo
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-05-31 12:14:02 +02:00
Manuel Pégourié-Gonnard
daae68d9b2
Merge pull request #4565 from mpg/fixup-changelog-4495-4286
Fix the "rm (D)TLS 1.0 1.1" ChangeLog entry
2021-05-31 11:37:04 +02:00
Manuel Pégourié-Gonnard
c42a0be00b Clarify calling sequence in the Cipher layer
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-05-31 11:13:35 +02:00
Ronald Cron
ea62d2f391
Merge pull request #4369 from hanno-arm/relax_psk_config
Implement relaxed semantics for static PSK configuration in Mbed TLS 3.0
2021-05-31 10:03:56 +02:00
Ronald Cron
f1eb425782
Merge pull request #4469 from xiaoxiang781216/padlock
aes: Check aes_padlock_ace > 0 before calling padlock
2021-05-28 11:06:40 +02:00
Hanno Becker
2bec09c113 Fix typo in migration guide
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-05-28 09:54:31 +01:00
Hanno Becker
934ab00f77 Minor improvement of ChangeLog wording
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-05-28 09:52:54 +01:00
Ronald Cron
c44a1d522a
Merge pull request #4507 from Venafi/userid-oid
Add OID for User ID
2021-05-28 10:43:41 +02:00
Hanno Becker
196739b478 Change wording in documentation of PSK configuration
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-05-28 05:33:14 +01:00
Ronald Cron
7146cb9488
Merge pull request #4559 from gilles-peskine-arm/psa-storage-format-test-algorithms-3.0
PSA storage format test: algorithms
2021-05-27 17:33:57 +02:00
Christoph Reiter
95273f4b07 Expose flag for critical extensions
Enables creating X.509 CSRs with critical extensions.

Signed-off-by: Christoph Reiter <christoph.reiter@infineon.com>
2021-05-27 14:27:43 +02:00
Ronald Cron
142c205ffc
Merge pull request #4513 from Patater/psa-without-genprime-fix
psa: Support RSA signature without MBEDTLS_GENPRIME
2021-05-27 14:19:24 +02:00
Manuel Pégourié-Gonnard
e9cac0e277 Fix inconsistent documentation of cipher_setup()
- the \internal note said that calling cipher_init() first would be made
mandatory later, but the documention of the ctx parameter already said
the context had to be initialized...
- the documentation was using the word initialize for two different
meanings (calling setup() vs calling init()), making the documentation
of the ctx parameter quite confusing (you must initialize before you can
initialize...)

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-05-27 12:59:11 +02:00
Manuel Pégourié-Gonnard
f3bacd72d2
Merge pull request #4476 from TRodziewicz/Remove__SSL_DTLS_BADMAC_LIMIT_option
Remove _SSL_DTLS_BADMAC_LIMIT option
2021-05-27 09:41:34 +02:00
TRodziewicz
a86c312d92 Addition of the migration guide entry.
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-05-26 15:29:36 +02:00
TRodziewicz
5c251c6a5e Add the ChangeLog file
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-05-26 13:36:40 +02:00
TRodziewicz
46cccb8f39 _SSL_DTLS_BADMAC_LIMIT config.h option removed
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-05-26 13:36:21 +02:00
Manuel Pégourié-Gonnard
c87a07de90 Fix the "rm (D)TLS 1.0 1.1" ChangeLog entry
- Removing MBEDTLS_SSL_RECORD_CHECKING has nothing to do with TLS 1.0,
TLS 1.1 and DTLS 1.0. It has been included here as a consequence of an
unfortunate typo in the description of 4286. Actually, this macro was
removed independently and we already have a ChangeLog entry about it:
ChangeLog.d/issue4361.txt

- While at it, remove the word "deprecated": these macros and functions
had not been documented as deprecated in any version of the library
before being removed.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-05-26 10:38:59 +02:00
Gilles Peskine
b7abba28e3
Merge pull request #4515 from tom-daubney-arm/remove_rsa_mode_params_2
Remove rsa mode params part 2
2021-05-25 20:36:33 +02:00
Gilles Peskine
8a5304d446
Merge pull request #4553 from gilles-peskine-arm/aria_alt-3.0
Fix ARIA_ALT header and self-test and CAMELLIA_ALT self-test
2021-05-25 20:32:40 +02:00
Gilles Peskine
2157e86389 Document include_intermediate in PSAMacroEnumerator
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-25 20:12:00 +02:00